Thursday, October 12, 2017

OnePlus collecting significant amounts of identifiable data

All smartphones collect analytics data. This data is important for the manufacturer to improve both software and hardware. However, this data is usually anonymous and hopefully limited in scope.

However, OnePlus was found to be collecting large amounts of data from the OnePlus 2 by Christopher Moore. By checking the network traffic, he found that the device was sending data to OnePlus that probably shouldn’t leave the phone.

The data included basic things like unexpected reboots, but also when the device was locked, unlocked, and when apps were opened. Then there was the identifiable info like the IMEI number, phone number, phone serial number, WiFi info, MAC addresses, and more.

While part of this data collection can be turned off (Settings > Advanced > Join user experience program), much of it can not. The OnePlus Device Manager app is sending the data and can be disabled with ADB and no root (send ADB command “pm uninstall -k –user 0 net.oneplus.odm”) but it’s unknown if this could affect device functionality.

If you don’t like your data being collected to this extent, maybe OnePlus devices aren’t for you. It just seems excessive. Thankfully the data is encrypted so there isn’t a security risk, but your data is still stored somewhere and who knows for how long.